Consultant

Security checks across malware telemetry and agentic risk

Overview

This consulting skill is a markdown-only workflow aid that clearly uses local notes for continuity and does not include executable code or hidden network behavior.

Install only if you are comfortable with consulting notes being stored locally under ~/consultant/. Review or delete that folder when needed, and avoid putting secrets, credentials, or unnecessary confidential details into the skill's memory files.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 91% confidence
Finding: The setup instructions explicitly direct the agent to initialize a local workspace and later update `memory.md`, but they do not require a clear user-facing warning about persistence, file creation, or what data may be retained. This can lead to unintended storage of user preferences or business context on disk, which is a real security and privacy concern even if the intent is operational convenience rather than data exfiltration.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal